The author is a Forbes contributor. The opinions expressed are those of the writer.

Managed security has evolved dramatically over the last ten years. The first round of vendors were really in the business of outsourced log management. Most of those were acquired by bigger players (Riptech ==> Symantec, Guardent ==> Verisign, Counterpane ==> BT). The new version of these Managed Security Service Providers add much more value by taking an active role in defending their clients’ networks. I call this MSSP 2.0.

The decision to go with an MSSP is based on your answers to these questions:

1. Do you have 24X7X365 security staffing today? Do you plan on hiring?

3. Are you in the security business? Probably not if your business is retail, financial services, e-commerce, healthcare, state or local government.

4. Are you targeted by cyber criminals or nation-state actors?

The answers to these questions can lead you to calling on an MSSP for continuous security operations by personnel who have seen everything.

The following is an interview with Solutionary Chief Security Strategist Don Gray.

http://vimeo.com/27059173

Q: Could you give us a quick introduction to Solutionary?

A: Solutionary is a managed security services provider that helps to protect our customers’ infrastructure, services, devices, and end points, as well the information on them.

Q: Do you typically manage something the customer already has, or do you deploy your own devices as well?

A: We don’t prescribe a certain set of hardware or vendor technology. We’re very open to using what the customer has in their infrastructure already, to maximize the investment that has already been made.

Q: How do you tie a variety of devices together into something you can make sense of?

A: We’re very proud of ActiveGuard®, our proprietary system for Solutionary. It takes all the information from those disparate sources, brings it together, normalizes it, and applies correlation and heuristic rules to that information.

Q: Then do you make that available to the customer?

A: Absolutely, we’re completely transparent with our customers. As our customer you can see everything from the raw log line, to the events generated from that log line, to how they were queued up and correlated, to the incident that resulted. There’s no smoke and mirrors; you get a full-depth view of what’s going on inside the system.

Q: Do you have a regional focus? Are you limited to North America?

A: We’re actually not. We operate primarily in North America, but we have a partnership with AsiaPac, and we also have a partner in Europe whom we provide services to.

Q: You have something called a SERT. Tell us about that.

A: SERT is our Security, Engineering, and Research Team. We feed back into the ActiveGuard® platform the intelligence that we gather as we provide services to our customers, and I was very adamant about making sure that our team that does research and feeds it into ActiveGuard® is multidisciplinary. Instead of having a set of separate researchers off to the side, we take individuals from our security consulting services, from our security operations center, and from our security engineering team, then combine them into one team. As a result, I think we have a different focus than a lot of organizations from a research standpoint.

With our SERT, we’ve been able to understand how APT-type attacks are occurring and start to dissect them. We’ve been able to build some capabilities specifically to defend against these types of attacks. We’ve added malicious host identification and detection, so we maintain a proprietary malicious host list and subscribe to some well-known lists. If we see activity occurring from one of those hosts, we can flag it as potentially malicious, even if it doesn’t trip a specific customer device.

We also do a lot of privileged user monitoring for our customers, so when our customers are working on SOX compliance, we’re able to take that privileged user monitoring and integrate that with our analysis. If an APT-style attack happens, where an end point may be compromised, we’re able to see if any privilege escalation may be happening from within that end point.

Finally, we’ve created an ability to understand if an exfiltration has occurred from a cloud perspective. When we take firewall log feeds from our customers we can look at the packet size of what’s coming out of the firewall. Typically when we see these exfiltration activities, they’re anomalous packet sizes.

That’s an example in a nutshell of how having a multidisciplinary team, tying together our security consulting services, our security operations center, and our security engineering team, ultimately has a positive impact on our customers.
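The two detection ideas in the answer above, matching outbound connections against a malicious-host list and flagging anomalous outbound sizes in firewall logs, as an added illustration that is not ActiveGuard code or anything from the article. The log lines, the key=value format, the host list and the median-absolute-deviation threshold are all constructed assumptions.

```python
import re
import statistics
from collections import defaultdict

# Constructed firewall log lines in a hypothetical key=value export format.
# ts is a sequence number; dir=out marks traffic leaving the firewall.
SAMPLE_LOGS = """\
ts=1 src=10.0.0.5 dst=198.51.100.7 dport=443 dir=out bytes=1400
ts=2 src=10.0.0.5 dst=198.51.100.7 dport=443 dir=out bytes=1380
ts=3 src=10.0.0.5 dst=198.51.100.7 dport=443 dir=out bytes=1450
ts=4 src=10.0.0.5 dst=198.51.100.7 dport=443 dir=out bytes=1420
ts=5 src=10.0.0.5 dst=203.0.113.9 dport=443 dir=out bytes=60000000
ts=6 src=10.0.0.8 dst=192.0.2.44 dport=80 dir=out bytes=900
"""

# Constructed malicious-host list (RFC 5737 documentation address, not a real indicator).
MALICIOUS_HOSTS = {"192.0.2.44"}

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def normalize(line):
    """Parse one key=value log line into a dict with typed numeric fields."""
    fields = dict(FIELD_RE.findall(line))
    fields["ts"] = int(fields["ts"])
    fields["bytes"] = int(fields["bytes"])
    return fields

def analyze(raw_logs, malicious_hosts, threshold=3.0):
    """Return (rule, ts, dst) alerts for malicious-host hits and size outliers."""
    events = [normalize(l) for l in raw_logs.splitlines() if l.strip()]
    alerts = []
    # Rule 1: destination is on the host list, even if no customer device fired.
    for e in events:
        if e["dst"] in malicious_hosts:
            alerts.append(("malicious_host", e["ts"], e["dst"]))
    # Rule 2: outbound size far above the source's own baseline. Median and
    # median absolute deviation are used so one huge transfer cannot inflate
    # the baseline the way a mean/stdev baseline would.
    by_src = defaultdict(list)
    for e in events:
        if e["dir"] == "out":
            by_src[e["src"]].append(e)
    for evs in by_src.values():
        sizes = [e["bytes"] for e in evs]
        if len(sizes) < 3:
            continue  # too little history to call anything anomalous
        median = statistics.median(sizes)
        mad = statistics.median([abs(s - median) for s in sizes]) or 1
        for e in evs:
            if (e["bytes"] - median) / mad > threshold:
                alerts.append(("anomalous_size", e["ts"], e["dst"]))
    return alerts
```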

Q: It sounds like your SERT is outsourced cyber-defense.

A: It’s not a separate service you buy or something you add on—it’s part of our DNA as a service provider.

Q: Do you get involved when you see that a customer needs to deploy more technology? Do you get involved in those decisions?

A: We do have a security consulting arm geared towards helping customers understand what their security road-map should look like. We don’t necessarily get involved in the actual implementation of devices—we typically have partners who do that—but we absolutely help with strategizing for the customer’s security program.

Q: When your customers do move to a cloud for their data centers, private or public, do you help them do that securely as well?

A: I’m seeing a lot of security professionals being approached by businesses who say, “I want to do this cloud thing because it will save me a lot of money.” The security professionals will reply: “It’s saving you a lot of money because you aren’t doing half the things you need to do for us to comply with our regulations and compliance frameworks.” We’re trying to address that gap. If organizations are moving to a cloud infrastructure with the service, we can help them monitor that securely.

Q: Do you deploy virtual sensors inside those clouds?

A: Absolutely, we do physical collector sensors, but we can do virtual collector sensors as well. In fact, we want to provide services to customers that are moving a portion of their infrastructure to the cloud and provide them with an integrated view, whether from the cloud or from their data center.

We’re also working with partners. For example, we’re working with Diebold to provide ATM monitoring, and we’re actually using Diebold’s cloud data center as a solution point for that. We’re also partnering with SHI Intl., who are going to be delivering cloud services through a virtualized infrastructure. We think we’ve found a good combination of working with service providers who are able to offer a cloud framework or cloud service that has the security and compliance baked into it, and working with a customer who wants to move a piece of structure to the cloud. We may not be working with that service provider, but we certainly work with the customer.